When routers are infected, victims mine crypto for the attacker on every page they visit.

The wave of so-called cryptojacking continues, with India being the latest focus of reports of mass infections of commercial router software in order to secretly mine the privacy-centric Monero (XMR) cryptocurrency.

Security analysts posted details saying that up to 30,000 devices in India are infected with CoinHive software, a freely available mass-mining script. Cryptojacking is the unauthorized use of a computer to mine cryptocurrency. The practice has boomed in 2018 and been described as rampant, although ZDNet recently speculated that the trend may be in decline.

Alarmingly, the Latvian-manufactured MikroTik brand routers being exploited for the clandestine mining are being distributed by huge telecoms companies in India, seemingly unaware of the problem. The top three ISPs serving infected devices are Honesty Net Solution, Elxire Data Services, and Gigantic Infotel Pvt. according to Banbreach, a cybersecurity research group. Delhi, India’s capital, is the worst-hit city in the country.

MikroTik routers have recently become notorious for their security vulnerabilities. As CryptoGlobe reported in August, nearly 200,000 infected MikroTik routers all around the world were redirecting users’ traffic to secretly mine XMR.

The XMR currency itself is a subject of controversy because of its anonymous capabilities. Japanese regulators earlier this year were pushing to get Monero and other privacy coins off exchanges, citing their potential usage in money laundering. A September article in the Wall Street Journal repeatedly underlined XMR’s use in money laundering and other illicit financial activity.